Trend Micro has been working with industry analysts like Decisive Analytics and Forrester Research to take the pulse of IT decision-makers, to help us understand their challenges and what solutions we can offer. They also give us great insights into the state of the union of BYOD.

So, let’s start with the most obvious question: how widespread is BYOD? Last year, as part of our Consumerization Report, we found that just over half – 56% of those surveyed – said their companies allowed BYOD. Our new studies in 2012 found that this number had gone up quite significantly: the Forrester study found that this figure was now above 76%. What’s most interesting is that you have countries which were relatively resistant to BYOD becoming more accepting today.

What devices are being used in BYOD? Mostly, what you’d expect: laptops, smartphones, and tablets. It’s the latter two that can cause organizations the most problems. Corporate IT knows how to secure and manage laptops running traditional operating systems; many organizations may not know yet how to properly deal with new mobile platforms stemming from unconventional IT vendors such as Apple (iOS) and Google (Android).

Even as enterprises adopt BYOD, they’re facing risks and real-world consequences. The biggest worries – by far – are data security, compliance, and employee privacy. Not only that, around half of the companies surveyed have admitted that because of BYOD, they’ve lost data.

What are companies already doing to ensure that BYOD does not turn into a security nightmare? For starters, in almost all cases IT administrators are installing security and remote management software into user devices. They’re also making it easier for IT to wipe personal devices if corporate data is put at risk.

Both of these are good places to begin, but to properly secure BYOD, administrators have to understand two things: what they are securing, and what the threats are.

IT administrators generally regard the top mobile OSes as being fundamentally identical to one another when it comes to security and manageability. However, that’s not completely accurate.

If you’re an IT administrator, that’s quite a problem: the most secure OS is also one that is dying; meanwhile the most popular mobile OS is the most exploited! IT managers have to understand that the threat landscape for each mobile platform is subtly different, and protect against these threats accordingly.

Let’s look at the two biggest mobile OSes to understand what the risks are. First: the Apple iOS platform.

The perception is that Apple is a closed, secure platform. However, it’s not immune to risks: if you look at the number of vulnerabilities that are disclosed publicly, the numbers for iOS are far higher in 2012. There’s also jailbreaking, which breaks the Apple “walled garden”, thus lowering security. So iOS has its share of risks, too.

Android, however, is where the real action is as far as threats are concerned. Consider the chart below:

Android malware is growing at a rate that’s even exceeding our forecasts.

Another problem with Android is how many versions are out there in use. Consider the chart below:

More than 80% of Android devices out there are on rather old versions of Android. That means that vulnerabilities may not be fixed. New security features may not be available.

Fundamentally, where iOS is a closed platform, Android is an open one. This allows all sorts of threats to proliferate, even within the official Android app store. Let’s just look at the following incidents, which all took place just this year:

So, in short, the threats in mobile platforms do exist. However, BYOD is going to happen to your organization – whether you like it or not. What IT managers should do is find a way to make it safe for enterprises so it’s not a blind leap of faith, but a reasoned move towards the future.

The three things I want you to take away from this talk are:

1. Embrace Consumerization.

It’s going to happen; it also brings about a more productive and engaged workforce. IT administrators should realize this and work to make BYOD a success within their organization.

2. Understand the risk profile of the various mobile platforms.

Each mobile platform has different capabilities available to it, as well as risks facing it. Understanding these is key to making BYOD secure.

3. Deploy new security and management tools.

Once you have an understanding of the threats and dangers facing your users, you can now deploy the appropriate tools and technologies to guard against these problems.

About Cesare Garlati

I am an active member of the Cloud Security Alliance, RISC-V and prpl Foundation: some of my writing will appear here too if it's relevant. The opinions here are mine and mine alone, and are not representative of any professional organizations I belong to.